Spam Alert: New ‘IRS Stimulus Payment’ Phishing Scam
Playing on the financial angst of consumers, criminals posing as the IRS and armed with e-mail addresses such as email@example.com and firstname.lastname@example.org, are trying once again to deceive the unwary.
How do you know if it’s a scam? For starters, the IRS does not initiate taxpayer communications through e-mail. Ever.
This scam contains a ‘form’ for you to download. In the variant I received, clicking on the form actually took me to a defunct Web site. In researching this scam, the Web site link appears to change frequently. NEVER click on, or download something from an e-mail you receive from somebody you don’t know.
The IRS has a page you can refer to for help in identifying fraudulent e-mails and Web sites claiming to be from the IRS. You may also want to forward suspicious e-mails to the Federal Trade Commission at: email@example.com.
Test your skills
You should be able to find at least six red flags that tell you this e-mail is fraudulent. Click on the picture below to see the answers, but try to find them yourself, first. If you find all six, you’re a pro with little to worry about. If you find fewer than four, consider practicing on some more examples in our Safety Guides.
How well did you do? Click on the picture see the risks highlighted.
- Bogus IRS address though clever, firstname.lastname@example.org is not a legitimate IRS e-mail address. Always check with the company, agency, or entity to see if the e-mail address being used is in fact legitimate. Remember: the IRS does not contact taxpayers via e-mail, but always uses US mail for all official communication.
- The spammer does not know your name – the IRS would.
- Look closely at the form attached – there is an extra .htm added to the end of it. This means it is not a form at all, but a Web site. Additionally, no financial institution - IRS, bank or credit card company will ask for your account details or personal information in an e-mail.
- The e-mail demands urgent action on your part they want you to act before you think.
- Again, the e-mail is not addressed to you. Any legitimate sender knows who you are.
- You are asked to download something from a sender you don’t know.